Fortinet Firewall
The Fortinet Firewall integration allows you to deploy a Managed Next-Generation Firewall (NGFW) directly into your Virtual Network (VNET). This service provides advanced security capabilities beyond standard filtering, such as Intrusion Prevention (IPS), Deep Packet Inspection (DPI), and Advanced Malware Protection.
By integrating a Fortinet appliance, you can leverage the Premium Action within your Firewall Rules to redirect specific traffic streams through the Fortinet engine for high-performance security inspection.
When to use Fortinet Firewall
- Advanced Threat Protection: When your organization requires sandboxing, botnet protection, or antivirus scanning at the network edge.
- Deep Packet Inspection: For granular visibility into encrypted traffic and application-layer protocols.
- Regulatory Compliance: Meeting strict security standards that require dedicated high-performance firewall appliances.
Prerequisites
Before deploying a Fortinet Firewall, ensure you have:
- A Virtual Network (VNET) already deployed.
- One or more DC Ports available to facilitate the connection between the firewall cluster and the Wanscale fabric. See DC Port.
Ordering a Fortinet Firewall
- Navigate to the Home page of the Wanscale Platform.
- Click the Add Service button.
- Select Fortinet Firewall from the service list.
- Click Go to service form.
- Complete the following fields in the service form:
- Name: Enter a unique name for the firewall service.
- Tags (Optional): Add metadata for internal organization.
- Deployment Type: Select between a Physical Appliance or a Virtual Appliance.
- For Virtual Appliances, select the Size and the Security Bundle Type (see details below).
- For Physical Appliance, select the DC ports and optional vlans this Appliance is connected to.
- When the firewall is unavailable: Select the action to take when the firewall is unavailable.
- Block traffic: All traffic is dropped
- Bypass Firewall: Traffic is allowed based on existing Firewall Rules in the portal.
- Address Space: Enter a unique IPv4 prefix dedicated to the firewall management and routing.
- Virtual Network: Select the VNET this Fortinet is attached to.
- Click Submit.
Note
Configuration Scope: This documentation covers the provisioning and integration of the Fortinet service within the Wanscale Portal. Internal FortiOS configuration (e.g., specific FortiGate policies or objects) is managed directly through the Fortinet administrative interface and is outside the scope of this guide.
Tip
Once provisioned, you can utilize this service by selecting the Premium action in your Firewall Rules to steer traffic to the firewall instance.
Virtual Appliance Sizing & Security Bundles
Sizing Specifications
| Technical Specifications | VM-01S | VM-02S | VM-04S | VM-08S |
|---|---|---|---|---|
| vCPU Support (Min / Max) | 1 / 1 | 1 / 2 | 1 / 4 | 1 / 8 |
| Storage Support (Min / Max) | 32 GB / 2 TB | 32 GB / 2 TB | 32 GB / 2 TB | 32 GB / 2 TB |
| Firewall Policies | 10,000 | 10,000 | 10,000 | 200,000 |
| Virtual Domains (Default / Max) | 2 / 10 | 2 / 25 | 2 / 50 | 2 / 500 |
| Max Wireless APs Controlled (Tunnel / Global) | 32 / 64 | 512 / 1024 | 512 / 1024 | 1024 / 4096 |
| Maximum Number of FortiSwitches | 8 | 24 | 64 | 300 |
| Maximum Number of Registered Endpoints | 2 000 | 2 000 | 8 000 | 20 000 |
| Unlimited User License | Yes | Yes | Yes | Yes |
Note
Note: All performance values are “up to” and vary depending on system configuration.
Note
- FG-VM S-Series does not come with a multi-VDOM feature by default. You can add it by applying separate subscription VDOM licenses.
FortiGuard Security Bundles
| Feature / Service | UTP | ATP |
|---|---|---|
| NETWORK SECURITY | ||
| IPS | ✓ | ✓ |
| IPS | ✓ | ✓ |
| Malicious/Botnet URLs | ✓ | ✓ |
| FILE CONTENT SECURITY | ||
| ADVANCED MALWARE PROTECTION (AMP) | ✓ | ✓ |
| Antivirus (AV) | ✓ | ✓ |
| Botnet Domains | ✓ | ✓ |
| Mobile Malware | ✓ | ✓ |
| Virus Outbreak Protection | ✓ | ✓ |
| Content Disarm & Reconstruct* | ✓ | ✓ |
| AI-based Heuristic AV | ✓ | ✓ |
| FortiGate Cloud Sandbox | ✓ | ✓ |
| WEB & DNS SECURITY | ||
| URL, DNS & VIDEO FILTERING | ✓ | |
| URL Filtering | ✓ | |
| DNS Filtering | ✓ | |
| Video Filtering* | ✓ | |
| Anti-Botnet and C2 Service | ✓ | |
| Malicious Certificate | ✓ | |
| ANTI-SPAM | ✓ |
Note
- Some advanced services may have hardware or OS version specific availability requirements.
Note
Applying Changes: Like all networking services in the portal, your new Fortinet Firewall will not be active until you deploy the changes. See Workflows and Applying Changes.